Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

6b05bea919...18.doc

windows7-x64

10

6b05bea919...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b05bea9195fa2aa09b6c86038221073_JaffaCakes118

  • Size

    484KB

  • Sample

    240523-p9vgtsbg62

  • MD5

    6b05bea9195fa2aa09b6c86038221073

  • SHA1

    5b62fe9202aba72540d674741d3fd024641cac4f

  • SHA256

    ea31594f27362ee525951c5a3d47a94b66cdbb51a7227c4381d622df57c7c7bc

  • SHA512

    8bfb1d02d1eb64118db00ab619fbe4a3a830c06b7782b12d96f40e5c1b762c7a6f77748a39f549405664b31db477684f502c780561d0740b9b30c289a2506800

  • SSDEEP

    6144:zdlSApEXv/354poAMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvVAJTVH:zDSApaX54poA8SVIf51E4K14o8IuD

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.venturelendingllc.com/Wxw9QNt8I
exe.dropper

http://barabooseniorhigh.com/FWLR2ZT
exe.dropper

http://mimiabner.com/x7bQDOiSJe
exe.dropper

http://vesidailucachau.com/F1zcXKyj
exe.dropper

http://altuntuval.com/8cfiGmIXk

Targets

    • Target

      6b05bea9195fa2aa09b6c86038221073_JaffaCakes118

    • Size

      484KB

    • MD5

      6b05bea9195fa2aa09b6c86038221073

    • SHA1

      5b62fe9202aba72540d674741d3fd024641cac4f

    • SHA256

      ea31594f27362ee525951c5a3d47a94b66cdbb51a7227c4381d622df57c7c7bc

    • SHA512

      8bfb1d02d1eb64118db00ab619fbe4a3a830c06b7782b12d96f40e5c1b762c7a6f77748a39f549405664b31db477684f502c780561d0740b9b30c289a2506800

    • SSDEEP

      6144:zdlSApEXv/354poAMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvVAJTVH:zDSApaX54poA8SVIf51E4K14o8IuD

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks